Gentoo Linux Security Advisory 201006-1 - Multiple vulnerabilities in FreeType might result in the remote execution of arbitrary code. Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Versions less than 1.4_pre20080316-r2 are affected.
109a3a117318affac0281fc5c8efacd287ad72cdbe76e93b7a92016f4cd799a1Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
06bb6b4b71b546ba421a4a5a243648d9e55cc79d1ce6286d82e281db63340834Gentoo Linux Security Advisory GLSA 200707-02 - John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the prdata tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754). Versions less than 2.2.1 are affected.
9cb04ef59403568b53c2c509e72a62320270f7ee1742c121678b4e3642d88dbbMandriva Linux Security Advisory - An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program.
94960e6f55bc1b10bf6a19df85e9a6c69aa8b76672a3ba11ef83907969b799a6Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
c124f95dee3404561bbca91bcb78c6545f445033ef06d0760d1d298d1f9b0e9eOpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.
20e3597f4528c3bf943c842d2c4a790a8846089007afb586832a34877de6bcb1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed